Switzerland won’t save you, either: Why e-mail might still be safer in US

Still, the country reported just 20 cases of real-time Internet wiretapping in 2012.

Back when he was still a National Security Agency contractor, Edward Snowden chose the privacy-minded e-mail provider Lavabit for his correspondence. It was from that account that he ultimately divulged his secrets to American journalists. Since Snowden became a household name, Lavabit shut down under legal pressure from a US court to hand over the keys to its kingdom as a way to get at Snowden’s data.

Inspired by that episode over two months ago, I kicked the tires on a couple of privacy-minded e-mail providers, one based in the United States and another based in Germany. My conclusion? Europe won’t save you. In particular, German law wouldn’t offer more legal protection—and it could possibly offer less than an American provider.

Of course, not all of Europe is created equal—28 countries are part of the European Union. But there are many strong, privacy-minded countries that sit apart, like Switzerland. The Swiss Confederation is well-known for its Alpine air, chocolates, clocks, neutrality, secrecy, and privacy—particularly in banking. (Plus, it has a special place in my heart as I spent a year in high school living there from 1997 to 1998.)

So can a Swiss company provide better e-mail security and privacy than many European Union countries or the United States? Again, it’s a tough question, but after examining the relevant Swiss law and talking with Swiss lawyers and one privacy-minded Swiss e-mail provider, the answer is probably yes, but with one big caveat: user notification of surveillance is not always transparent. (Still, making a definitive call on the most secure e-mail service is difficult, as there are few real-world legal scenarios to examine.)

Switzerland, like nearly all of its European neighbors, has a de facto gag order on user notification. Meaning that if I have my e-mail at Swiss Company X and I’m being investigated, there’s essentially no chance that I will find out about such surveillance until after the investigation is complete. In the United States, while there are often court-ordered restrictions on companies alerting their users to surveillance or data handovers, it's not an inherent restriction. The Electronic Frontier Foundation and other related groups worldwide have called for the principle of user notification.

“The big difference is that [in Switzerland] there is an obligation by the prosecutor to notify the target [of surveillance] as soon as possible, but the latest before the end of the investigation,” Sylvain Métille, a Swiss data protection lawyer, told Ars. “Then the target will have 10 days to appeal and will begin a new appeals process with a separate court to challenge after the fact.”

The Swiss Penal Code (Article 279) also provides a means to defer or waive that notification if the case is not brought to trial or if it is “essential to protect public or private interests.” American law (18 USC § 2705 - Delayed notice), by contrast, says that notice must be given unless there is imminent harm to a person or investigation, and that can only be delayed for 90 days (which can be renewed).

In other words, American companies have the option to disclose surveillance far sooner than Swiss companies would. To be fair, American companies not under a mandatory gag order can (and do) say frustratingly little about the legal pressures that they face. While Google, Facebook, Twitter and other companies continue to fight the government at the highest level, Verizon, AT&T, and other telcos have told the public hardly anything. Google, for example, takes the policy that it will notify a target while an investigation is going on unless explicitly forbidden from doing so.

As we wrote previously, properly encrypted e-mail offers the best security for messages both in transit and at rest. But as many Ars readers who have acted as informal tech support for their non-techy friends and family can attest, relatively few people are going to be encrypting all their e-mails by default anytime soon. So the next best thing might just be to choose an e-mail provider that will collect as little of your information as possible and will not readily turn over what other information it does have, such as IP logs or even user e-mail accounts themselves. (And yes, you can roll your own mail server or have proper hosting—but a lot of people just want turnkey e-mail. Again, think about what your family members use.)

“In terms of privacy, anything is better than Google, I'd guess,” Ralf Bendrath, a senior policy advisor to a German member of the European Parliament, told Ars earlier this year. “In terms of usability, of course not. Everybody has to decide for himself or herself where the priorities are.”

Meet MyKolab

So why examine Switzerland? Following my October 2013 article, the head of Swiss e-mail provider MyKolab got in touch, both e-mailing me and leaving a comment on the story.

Among other things, CEO Georg Greve wrote:

And there is one country which you do not explore that has a much stronger legislative framework than most other countries, which is Switzerland. Abusing data is a criminal offence, no exceptions. Even if the CEO of a hosting business would learn of abuse among their staff and not report it to the proper authorities, they would likely look at jail time.

Secondly, unlike in the US or Germany, *all* requests must go through a judge and be publicly documented in anonymized form and with proper attribution to the criminal code. Secret service has been explicitly stripped of all powers inside the country and there is no other legal way for foreign powers to obtain the data than through the international assistance treaties where requests for information must hold up under *Swiss* law.

MyKolab has been the object of a lot of attention in recent months: it was endorsed by Pamela Jones of Groklaw, whose approval made the rounds in the tech press. Following that surge of attention, MyKolab began offering a “lite” (and less expensive) version of its services, starting around $5 per month. By early December 2013, it even began accepting Bitcoin as payment. The chief executive told Ars recently that the company has seen a lot of interest; MyKolab has gained thousands of paid accounts in recent months.

The Zürich-based company certainly sounds like a good option. Its Frequently Asked Questions page includes questions like:

Some other providers claim to use server side cryptography to store my data encrypted so they cannot access it. Do you do that as well?

While the hard disks themselves do not store data in plain format, we currently have no plans for user-based encrypted storage. The reason is simple and has been explained very well by Moxie Marlinspike. In short: With server-side encryption, the provider holds the encrypted data, the key, and the passphrase, as all three need to pass through the web interface and be available on the server. So the provider does have access to all the data despite the encryption, it's just a matter of whether the provider chooses to make use of that capability, just as if the data were not per-user encrypted.

We don't believe in misleading our users in this way.

…

Do you strip identifying information from email headers?

Yes. If you use a local client to send mail via MyKolab.com, we strip your IP address and the mail program you have been using. Recipients will only be able to tell that you sent mail as a valid MyKolab.com user, but not from where and with which software. The same is true when you use the web client.
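The header-stripping claim in the FAQ answer above can be checked from the receiving side: send yourself a message and audit what arrives. The script below is an added example, not MyKolab's code and not part of the original article; the function names, host names, and both sample messages are constructed, and the addresses come from the documentation ranges.

```python
import ipaddress
import re
from email import message_from_string

# Headers that name the sending mail program.
CLIENT_HEADERS = {"user-agent", "x-mailer"}
# Candidate address tokens: runs of hex digits, dots and colons.
TOKEN_RE = re.compile(r"[0-9A-Fa-f:.]+")

# Constructed sample: a submission hop that records the client's address.
LEAKY = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
 by mail.example.com with ESMTPS; Mon, 9 Dec 2013 10:00:02 +0100
Received: from laptop.local (unknown [203.0.113.7])
 by smtp.example.net with ESMTPSA; Mon, 9 Dec 2013 10:00:01 +0100
From: alice@example.net
To: bob@example.com
Subject: header test
User-Agent: Mozilla/5.0 (X11; Linux x86_64) Thunderbird/24.1.1
X-Originating-IP: [203.0.113.7]

test body
"""

# Constructed sample: the same message as a stripping provider would relay it.
STRIPPED = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
 by mail.example.com with ESMTPS; Mon, 9 Dec 2013 10:00:02 +0100
Received: by smtp.example.net with ESMTPSA; Mon, 9 Dec 2013 10:00:01 +0100
From: alice@example.net
To: bob@example.com
Subject: header test

test body
"""


def addresses_in(value):
    """Yield every IPv4/IPv6 address that appears in a header value."""
    # Received lines tag IPv6 literals as [IPv6:2001:db8::1]; drop the tag.
    for token in TOKEN_RE.findall(value.replace("IPv6:", " ")):
        try:
            yield ipaddress.ip_address(token.rstrip("."))
        except ValueError:
            continue  # dates, host name fragments, version numbers


def audit_headers(raw_message, my_ip):
    """Return (kind, header, value) for each header that exposes the
    sender's own address (kind "ip") or mail program (kind "client")."""
    me = ipaddress.ip_address(my_ip)
    findings = []
    for name, value in message_from_string(raw_message).items():
        value = " ".join(str(value).split())  # unfold continuation lines
        if name.lower() in CLIENT_HEADERS:
            findings.append(("client", name, value))
        elif any(addr == me for addr in addresses_in(value)):
            findings.append(("ip", name, value))
    return findings


if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("stripped", STRIPPED)):
        print(label)
        for kind, name, value in audit_headers(raw, "203.0.113.7"):
            print(f"  {kind:6} {name}: {value}")
```

An empty result only describes what recipients see; it says nothing about what the provider itself logs or retains.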

Judicious use of wiretaps

Part of MyKolab’s entire value proposition (and presumably that of other Swiss e-mail providers) is that not only does it have a privacy-minded setup on the company’s own technical side, but Swiss law is apparently not permissive of the types of wholesale access that has been proven to occur in the United States.

“If [Swiss authorities] would say, 'We want to break into your system and install a surveillance system to have even better access to your customers,' this would not be allowed, because the way it is foreseen by the law—handover of SSL keys would not be possible to request in Switzerland,” MyKolab’s attorney, Simon Schlauri, told Ars.

There are two primary elements that appear to buttress the argument that storing data in Switzerland is a great idea: firstly, the Swiss Criminal Procedure Code puts strict limits on what type of digital surveillance (French) may or may not be used. Case in point: Swiss law enforcement is not allowed to use a given technique unless it is specifically authorized and regulated under the law. By comparison, American law enforcement tends to take the attitude that it will use whatever tools are at its disposal until that tool is reined in.

Swiss law significantly deters violations of [the Swiss Criminal Penal Code]. Only government officials may use one of the surveillance measures listed under [the Criminal Penal Code], and only after satisfying its statutory requirements. The Criminal Code prohibits the use of surveillance without authorization and treats any information gathered by such surveillance as illegally obtained and subject to the exclusionary rule when challenged by the subject. In addition, officials who conduct surveillance in violation of [the Criminal Penal Code] risk disciplinary measures and prosecution.

Further, it’s a crime for corporate representatives or law enforcement agents to access data on an unauthorized basis, punishable by a fine of up to 10,000 Swiss francs ($11,100) or three months in prison. (Ars hasn’t been able to find any statistics showing how often that law is actually enforced.) Under the Swiss Criminal Penal Code Article 321 (French), a representative of a telecom firm can be punished with up to three years in prison for disclosing user data improperly.

“That's the reason why there is not a lot of court cases—police officers know that they will be personally liable [if caught,]” Sylvain Métille, the Swiss lawyer, and one of the co-authors of that paper, told Ars. “If he's convicted, that's the end of his career, so he will be much more cautious.”

Secondly, beyond that, surveillance of any kind is pretty rare, and there are only a handful of cases each year that have to do with Internet surveillance. According to the Swiss Federal Department of Justice and Police, in 2012 there were only 20 instances (XLS) of real-time Internet wiretapping in Switzerland and 26 instances of retroactive Internet metadata collection. (That’s out of a broader total of a few thousand cases annually of telecommunications surveillance.)

“The Swiss system is more comprehensive, and simpler,” said Susan Freiwald, the paper’s other author and a law professor at the University of San Francisco. “One of the hurdles here is how complicated our system is. My overall take is that if you look at all the factors together, their system is simpler, more comprehensive, and more protective overall. They treat records almost as [equally] as content, and it is easier to understand by the public and the courts. They have this proportionality rule which we don’t have. They have meaningful remedies that we don’t have.”

Trust, but verify

All of that sounds pretty good, right? Still, moving all your correspondence to a Swiss company is no panacea. Along with many of its other European counterparts, Switzerland also has mandatory data retention by telecommunications firms for six months, and it has a mutual legal assistance treaty with the United States.

But more so than anything else, Switzerland, like European Union countries, has a mandatory gag order on companies who serve the targets of surveillance. So if a company like MyKolab were to be served with a judicial order to hand over a user’s data, it couldn’t tell anyone about it.

That’s not the case in the United States, according to Nate Cardozo, a staff attorney at the Electronic Frontier Foundation. (Full disclosure: he's a friend of the author).

“In the US, it is indeed the case that the vast majority of wiretap requests come with a mandatory gag order,” he said. “But not so of other sorts of requests for user data. For instance, warrants directed at Google for access to a suspect's e-mail may not be gagged. Nor are the majority of requests for subscriber information.”

“But in all cases, law enforcement seeking a gag must make an additional showing to the judge before the gag issues. It's not simply automatic, even for wiretapping. And even in the case of a wiretapping gag, the gag is not permanent. The target will get notice of the wiretap after 90 days (which can be extended, but again, such extension takes additional action by the judge).”

In other words, the way Swiss law is set up at present is that members of the public (you and me) can’t know if MyKolab, Swisscom, Orange, or any other Swiss tech company has been ordered to hand over user data. So while it’s nice that Swiss authorities provide a specific number of the times that Internet surveillance is undertaken, it’s impossible to verify if that number is indeed accurate.

“There’s no surveillance of the surveillance.”

For Métille, though, this notification issue isn’t his biggest problem with the Swiss setup. He feels that Swiss data protection law probably provides the strongest legal security for e-mail compared with any other country—but he still has a quibble with how it works in his home country. Mainly, there’s little enforcement to make sure that the user notification takes place, even after the fact.

“For me, the weakness of the Swiss law is more that nobody controls the fact if you've been notified or not,” he noted.

“If the evidence is not used, you have to trust the prosecution that they will inform people. The surveillance court doesn't have a way to look in all cases if it's been notified or not. There should be some commission that should receive a copy of all surveillance orders and all notifications forms and to match them. There's no surveillance of the surveillance.”

That’s why MyKolab has set up a warrant canary on its website, noting:

What we do know is that Kolab Systems has received a total of
0 requests to access customer data
0 such requests were granted, and
0 such requests were denied.

Should these numbers change we'll update this page accordingly. It was not necessary to update it since August 1st 2013.

Warrant canaries work like this: a company publishes a notice saying that a warrant has not been served as of a particular date. Should that notice be taken down, users are to surmise that the company has indeed been served with one. The theory is that while a court can compel someone to not speak (a gag order), it cannot compel someone to lie. The only problem is that warrant canaries have yet to be fully tested in court, in Switzerland or in the United States.
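The reader's side of that scheme can be automated. The following added example (not from the article and not MyKolab's tooling) parses the three counts in the statement quoted above and separates a changed or removed statement from a page that merely failed to load; the HTML markup, snapshot dates, function names, and the three-failure threshold are all assumptions made for illustration.

```python
import re
from enum import Enum
from html import unescape


class State(Enum):
    INTACT = "intact"    # statement present, counts equal the baseline
    CHANGED = "changed"  # statement present, counts differ
    MISSING = "missing"  # page was served but the statement is gone
    UNKNOWN = "unknown"  # page could not be fetched; no evidence either way


# Wording taken from the canary quoted in the article.
FIELDS = {
    "received": r"(\d+)\s+requests to access customer data",
    "granted": r"(\d+)\s+such requests were granted",
    "denied": r"(\d+)\s+such requests were denied",
}
BASELINE = {"received": 0, "granted": 0, "denied": 0}

# Constructed markup around the quoted wording.
CANARY_HTML = """
<p>What we do know is that Kolab Systems has received a total of</p>
<ul>
<li><b>0</b> requests to access customer data</li>
<li><b>0</b> such requests were granted, and</li>
<li><b>0</b> such requests were denied.</li>
</ul>
"""


def parse_counts(page):
    """Return the three counts as a dict, or None if any line is absent."""
    text = " ".join(unescape(re.sub(r"<[^>]+>", " ", page)).split())
    counts = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text, re.IGNORECASE)
        if match is None:
            return None
        counts[name] = int(match.group(1))
    return counts


def classify(page, baseline):
    """Classify one snapshot; page is None when the fetch itself failed."""
    if page is None:
        return State.UNKNOWN
    counts = parse_counts(page)
    if counts is None:
        return State.MISSING
    return State.INTACT if counts == baseline else State.CHANGED


def first_alert(snapshots, baseline, max_unknown=3):
    """Walk dated snapshots and return (date, state) for the first alert.

    A changed or missing statement alerts at once. Fetch failures alert
    only after max_unknown in a row (an assumed policy, tune to taste).
    """
    unknown_run = 0
    for day, page in snapshots:
        state = classify(page, baseline)
        if state in (State.CHANGED, State.MISSING):
            return day, state
        unknown_run = unknown_run + 1 if state is State.UNKNOWN else 0
        if unknown_run >= max_unknown:
            return day, State.UNKNOWN
    return None


# Constructed observation history: one outage, then the statement vanishes.
SNAPSHOTS = [
    ("2013-12-01", CANARY_HTML),
    ("2013-12-02", None),
    ("2013-12-03", CANARY_HTML),
    ("2013-12-04", "<p>Welcome to our privacy page.</p>"),
]

if __name__ == "__main__":
    print(first_alert(SNAPSHOTS, BASELINE))
```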

“The entire country is under a closer level of scrutiny [than the United States,]” Georg Greve, the CEO of MyKolab, told Ars. “The system works well enough that you can rely on it. Switzerland, unlike the US, cannot conduct espionage without the government knowing about it. [Our national security services] have no mandate in the country and there is not a single case or hearsay or documented at any point in time of any agency coming to any provider. None of us have heard of a case like that in 20 years. We have a high degree of certainty that this is not happening at all.”

So, should you move all your e-mail to the snowy, mountainous confines of Switzerland?

I still don't understand the argument about gag orders. The US does have gag orders which can be used for basically anything and not limited to single people but mass surveillance and that for an indefinite amount of time (very impressively demonstrated the last few months I'd say, or are you claiming that if google got a national security letter demanding it disclose all data of an user account, they'd be allowed to disclose that fact?)

Both Switzerland and Germany on the other hand limit gag orders to single cases and they have to disclose it after a limited amount of time. Sure they could ignore the law, but if we're operating under the "Laws don't mean anything they can be ignored" rule, the rest of this article doesn't make any sense since the same limitation applies.

I still don't understand the argument about gag orders. The US does have gag orders which can be used for basically anything and not limited to single people but mass surveillance and that for an indefinite amount of time (very impressively demonstrated the last few months I'd say, or are you claiming that if google got a national security letter demanding it disclose all data of an user account, they'd be allowed to disclose that fact?)

Both Switzerland and Germany on the other hand limit gag orders to single cases and they have to disclose it after a limited amount of time. Sure they could ignore the law, but if we're operating under the "Laws don't mean anything they can be ignored" rule, the rest of this article doesn't make any sense since the same limitation applies.

To me it's just something to think about than it is a negative against Switzerland for e-mail. Switzerland does seem to be more resilient to abuse of the legal system when it comes to user privacy compared to the US, but it's not bulletproof. If a .gov really wants to get at you bad, they will find a way in.

This just serves to be a very good deterrent against mass, unspecific surveillance. Similar to a rudimentary firewall that doesn't have all the bells and whistles for specific, targeted attacks but blocks many of the common ones. It doesn't stop everything, but you don't make it nearly as easy to get in as it used to be.

Does rolling your own email server and running it at home get you any additional privacy (in the eyes of the law)? Some of what I've read about how the NSA justifies sucking up data is because what they get is shared with a 3rd party. If you and I both run mail between our servers, that are sitting in our houses, will that still be considered shared by 3rd parties? With hardware like the Raspberry Pi and Shivaplug, it seems like it should be a fairly simple and inexpensive thing to do, too.

If nothing else, you could easily know if the NSA or whoever sent a request for information.

Meaning that if I have my e-mail at Swiss Company X and I’m being investigated, there’s essentially no chance that I will find out about such surveillance until after the investigation is complete.

And that's exactly how it should work. Switzerland sounds perfect.

I have nothing to hide in my email, I would never put anything private on a remote server without strong encryption.

If the government reads my email, they won't find anything, it'll just prove me innocent of whatever crime they suspected me of. If it happens, I want to know about it so I can sue them for investigating without enough evidence to justify breaching my privacy.

The NSA doesn't have to stop what they're doing, they just have to make sure every individual person finds out exactly how their privacy was breached, so they have a chance to take it to court.

Meaning that if I have my e-mail at Swiss Company X and I’m being investigated, there’s essentially no chance that I will find out about such surveillance until after the investigation is complete.

And that's exactly how it should work. Switzerland sounds perfect.

The NSA doesn't have to stop what they're doing, they just have to make sure every individual person finds out exactly how their privacy was breached, so they have a chance to take it to court.

I am confused, are you sure you've read what you've quoted? Farivar describes that there is close to no chance that he will find out if he is under surveillance, should he be under investigation. Yet you say the NSA should start informing people it has put under surveillance, that seems to be countering your point about how exactly it should work relaying to the Swiss uncertainty.

Does rolling your own email server and running it at home get you any additional privacy (in the eyes of the law)? Some of what I've read about how the NSA justifies sucking up data is because what they get is shared with a 3rd party. If you and I both run mail between our servers, that are sitting in our houses, will that still be considered shared by 3rd parties? With hardware like the Raspberry Pi and Shivaplug, it seems like it should be a fairly simple and inexpensive thing to do, too.

If nothing else, you could easily know if the NSA or whoever sent a request for information.

This is where I would go as well. For us Techies, this is pretty straightforward once you grab your domain name. Using a free DNS service coupled with your own email server should do the trick. That is until the NSA taps the fiber leading to your ISP or worse yet they get invited from your ISP to help themselves to your data. That ultimately is the problem. Our gov has access to it all; if they want it...

Does rolling your own email server and running it at home get you any additional privacy (in the eyes of the law)? Some of what I've read about how the NSA justifies sucking up data is because what they get is shared with a 3rd party. If you and I both run mail between our servers, that are sitting in our houses, will that still be considered shared by 3rd parties? With hardware like the Raspberry Pi and Shivaplug, it seems like it should be a fairly simple and inexpensive thing to do, too.

If nothing else, you could easily know if the NSA or whoever sent a request for information.

You would have to make a certificate to get your email encrypted. At that point, you might as well set up gpg.

But really, I think the only way to get security with a home email server is to only exchange email with people who have home email servers. I email people with freakin' yahoo and Gmail accounts.

The big advantage to having a home email server is you can avoid web access that hackers like to exploit to get at your email. I was hacked by a roundcube exploit. I had my PayPal email address changed twice until the sysadmin did the patch. I was pissed, but he did agree to set up a honey trap and get the IP of the hacker. PayPal refused to release any information without a court order. The hacker was in Morocco.

Note I had a RSA code generator on the account, but at the time paypal had very lax rules about how it was required for transactions.

I'm convinced at this point gpg is the only solution. But the NSA could hack your computer and steal the certificate.

Does rolling your own email server and running it at home get you any additional privacy (in the eyes of the law)? Some of what I've read about how the NSA justifies sucking up data is because what they get is shared with a 3rd party. If you and I both run mail between our servers, that are sitting in our houses, will that still be considered shared by 3rd parties? With hardware like the Raspberry Pi and Shivaplug, it seems like it should be a fairly simple and inexpensive thing to do, too.

If nothing else, you could easily know if the NSA or whoever sent a request for information.

This is where I would go as well. For us Techies, this is pretty straightforward once you grab your domain name. Using a free DNS service coupled with your own email server should do the trick. That is until the NSA taps the fiber leading to your ISP or worse yet they get invited from your ISP to help themselves to your data. That ultimately is the problem. Our gov has access to it all; if they want it...

You need to visualize unencrypted email as a postcard going through the snail mail. Thus home servers alone are not the answer.

Are there circumstances where the USA authorities will request information/surveillance on you and your provider is free to inform you ASAP? Yes. Are there circumstances where the Swiss authorities will request information/surveillance on you and your provider is free to inform you ASAP? Probably no.

But the big question is: are there circumstances where the authorities will request information/surveillance on you and your USA provider is free to inform you ASAP while your Swiss provider is gagged? Not quite clear.

To me, it looks like the kind of circumstance where your USA provider is free to inform you about a request is the kind of circumstance your Swiss provider never gets a request, because if he did comply, everyone involved could end up in jail.

Does rolling your own email server and running it at home get you any additional privacy (in the eyes of the law)? Some of what I've read about how the NSA justifies sucking up data is because what they get is shared with a 3rd party. If you and I both run mail between our servers, that are sitting in our houses, will that still be considered shared by 3rd parties? With hardware like the Raspberry Pi and Shivaplug, it seems like it should be a fairly simple and inexpensive thing to do, too.

If nothing else, you could easily know if the NSA or whoever sent a request for information.

You would have to make a certificate to get your email encrypted. At that point, you might as well set up gpg.

But really, I think the only way to get security with a home email server is to only exchange email with people who have home email servers. I email people with freakin' yahoo and Gmail accounts.

The big advantage to having a home email server is you can avoid web access that hackers like to exploit to get at your email. I was hacked by a roundcube exploit. I had my PayPal email address changed twice until the sysadmin did the patch. I was pissed, but he did agree to set up a honey trap and get the IP of the hacker. PayPal refused to release any information without a court order. The hacker was in Morocco.

Note I had a RSA code generator on the account, but at the time paypal had very lax rules about how it was required for transactions.

I'm convinced at this point gpg is the only solution. But the NSA could hack your computer and steal the certificate.

Sounds like a plan, at least a start. And remember, 10 years ago you emailed people with freakin' aol and compuserve accounts, and Gmail was the fresh new kid on the block. Seems like someone could figure out a fairly standard configuration for a small home server and easy to fill out scripting could create the next new thing.

Does rolling your own email server and running it at home get you any additional privacy (in the eyes of the law)? Some of what I've read about how the NSA justifies sucking up data is because what they get is shared with a 3rd party. If you and I both run mail between our servers, that are sitting in our houses, will that still be considered shared by 3rd parties? With hardware like the Raspberry Pi and Shivaplug, it seems like it should be a fairly simple and inexpensive thing to do, too.

If nothing else, you could easily know if the NSA or whoever sent a request for information.

This is where I would go as well. For us Techies, this is pretty straightforward once you grab your domain name. Using a free DNS service coupled with your own email server should do the trick. That is until the NSA taps the fiber leading to your ISP or worse yet they get invited from your ISP to help themselves to your data. That ultimately is the problem. Our gov has access to it all; if they want it...

You need to visualize unencrypted email as a postcard going through the snail mail. Thus home servers alone are not the answer.

from the article: Inspired by that episode over two months ago, I kicked the tires on a couple of privacy-minded e-mail providers, one based in the United States and another based in Germany. My conclusion? Europe won’t save you. In particular, German law wouldn’t offer more legal protection—and it could possibly offer less than an American provider.

Everybody is talking about "privacy" as today's topical household conversation. Why not? It is better talk about some corner stores got rob again twice in a month. But do you know, everyone is talking about "their own privacy issue". Not yours. Beware of this, their own "privacy" meaning may not be the same as your meaning of "privacy". You and he are talking about the same subject "privacy" but in totally different topic directions. He is talking about North and you are talking about South. It is like, when he meant cat flea and you are talking about dog flea. These are different kinds of fleas.

It depends on what one means by "privacy". If you are not expecting your emails to be read by the authorities, you are out of luck. Every government on this planet reads your, my, and their emails, no matter where you are. Give the authorities an excuse, and they will go over every piece of email of yours, here in the U.S., in Europe, in Asia. Cops are cops and their function is the same. They have a separate department set up to read your emails.

For others "privacy" concern, it is about police harassment. The cops read their emails. Cops want to know when would be this guy's next move, and where would he move to. Learn about the target's favorite colors, movies. Their favorite food. What he likes and what he doesn't like. What makes him cramp at night. They use this information to set them up for crimes or make their living miserable. And don't forget the "Snitches".

So yes, if you are living in the U.S. and your email providers are in a foreign country, you are not completely safe from the U.S. police, but safer. Safer from the police harassment. Which means, it helps. Not much, but it helps.

Quote:

So can a Swiss company provide better e-mail security and privacy than many European Union countries or the United States?

There is no such thing as personal security when it comes to a criminal investigation. But what about when you are not a criminal? I learned that Switzerland is a better choice than the U.S. Second place would be all other European and Asian countries. The U.S. is the worst, at the bottom of the barrel. China would be the first choice over Switzerland in my opinion. So set up an email account in China.

So the Swiss are more keen on lawful interception while the US/Five Eyes countries prefer unlawful, wholesale data hoovering... If you really want privacy for your data, you need to put it out of reach of any national authority. In low orbit sounds about right.

1. Pervasive gigabit internet access on IPV6
2. A group to release a simple software package + mini computer (as easy to use and small as a coffee maker) that runs "cloud" software from the home.

What will this do? It will enable people to run their e-mail, shared photos, music, videos and anything else from home. This will cut out third parties, and if it's popular, it would take encryption from unheard of to ubiquitous. Ideally, it would be open source.

I don't see how any email provider can be considered private when Five Eyes are tapping fibres. By the time you read an email (that wasn't encrypted by the sender) it's already traveled to your server in the clear.

End to end encryption must be used for any private communications. Email needs to step aside.

1. Pervasive gigabit internet access on IPV6
2. A group to release a simple software package + mini computer (as easy to use and small as a coffee maker) that runs "cloud" software from the home.

What will this do? It will enable people to run their e-mail, shared photos, music, videos and anything else from home. This will cut out third parties, and if it's popular, it would take encryption from unheard of to ubiquitous. Ideally, it would be open source.

Something like this. It's not "coffee can" size, but it is diminutive.

For specific cases you can use TrueCrypt to triple-encrypt messages & drop the encrypted file into a mutually agreed upon free anonymous cyberlocker folder. Requires offline exchange of encryption keys, but after that you can anonymously deposit and receive messages (e.g., accessing the cyberlocker from an anonymous computer in a public library & using a proxy or three on top of that). Decryption and / or encryption can then be done on an air-gapped secure system (using USB keys to port the encrypted files from and to the air-gapped system). If both parties follow this protocol, NSA can neither discover the identities of the sender or receiver nor access the content of the messages.

I am currently in the process of switching away from google-apps for my domain, to rolling my own "cloud", e-mail and CalDAV services. It's not because I want to stop some superpower spy agency from trying to access my files, legally or otherwise; I simply don't want so much of my life's data in the hands of a corporation like the big goog. I have also switched away from chrome. The advertisements' adaptation to my browsing behaviour had become a bit too creepy. What they've accumulated thus far is out of my hands, but from now on, I want a little more privacy.

Something like this. It's not "coffee can" size, but it is diminutive.

It also needs brain-dead software that anyone can run securely. What I'm saying isn't out of reach, but it either requires a lot of dedicated open-source volunteers, or someone finding a way to monetize it.

With any e-mail provider based outside the US, you're exposing yourself to added risk -- anything travelling on international pipes is fair game for the NSA even moreso than LA to Chicago traffic. There are no limits on what they do outside of US borders. This should be balanced against the benefits.

Also remember the story about Snowden's time in Switzerland for the CIA. I think they spied on a Swiss official. The article seems to assume other countries are restricted in what they can do in Switzerland by Swiss law. That's an odd assumption. Laws do not instantiate force fields.

Running your own server is definitely a start, but it is not a cure-all. Once your email leaves your server, it is no longer in your control. And if you use your ISP's SMTP relay, even moreso. It all comes down to what the government wants to call sharing with a third party. Does a relay passing a message on count? Or only when it's hosted on a third party's server? Where is the line drawn?

Personally, I have moved all of my email, contacts and calendaring information out of Google and Apple's services and run my own server with Dovecot w/ STARTTLS for email and DAViCal for CardDAV/CalDAV with TLS.

For the poster who said email is like sending a postcard, you're almost correct. Sending plain email is like sending a typewritten postcard with no signature: there is no way to verify who the sender is by checking the signature/handwriting. Sending a digitally signed email (whether S/MIME or OpenPGP) is like sending a handwritten and personally signed postcard. Everyone can still read it, but at least the recipient will know the message is genuine.

To equate sending an email with something sent through the post, both parties have to have exchanged their public keys and the messages must be encrypted. That is the only way to really be sure about your communications. (You also need to use an encrypted connection if you're going to view them in a webmail client of some sort like Roundcube.)

The biggest problem with email and other places where digital security/encryption is important: it's still too difficult for the layperson. Until it's ready for your great-aunt who still uses AOL (even though she has a different broadband connection) and forwards you every little thing without bothering to use the BCC or cull previous recipients from the message, it's never going to catch on for the masses. And this is the problem with the internet today: security wasn't taught/built-in from the beginning.

One of the features of Owncloud I liked was being able to send a time-limited link which required a password for the recipient to view the content. The ease of use would appeal to many people while offering a decent level of privacy and security.

“For me, the weakness of the Swiss law is more that nobody controls the fact if you've been notified or not,” he noted.

The weakness of every system seems to be that nobody that is part of the government's secret surveillance branch actually gets prosecuted for violating the laws and conditions of warrants. There needs to be a line of people going to jail when the terms of warrants [or just the plain law] are violated. Just going "oh, you can't use that in court" isn't enough.

Swiss banking secrecy has been cracking at its foundation since Birkenfeld's disclosures about UBS's activities way back in 2008. The final collapse has been moving at a glacial pace but will effectively happen, due to FATCA, on the last day of 2013, when banks are required to confirm their intent to comply with FATCA or, despite no US-presence, be subject to a john-doe summons from US prosecutors (seems many banks are scrambling to get in under the compliance deadline by dumping customers.)

You can use 7zip to encrypt attachments. It involves all parties agreeing on the password. Not great security, but it is better than nothing. I do it with accountants, lawyers, etc. Yeah it is poor security, but at least it is something you can get non-geeks to do. The alternative is they will just send the documents unencrypted.

7zip has AES-256 encryption, but getting non-geeks to use a high entropy password is tough.

So the Swiss are more keen on lawful interception while the US/Five Eyes countries prefer unlawful, wholesale data hoovering... If you really want privacy for your data, you need to put it out of reach of any national authority. In low orbit sounds about right.

That doesn't put it out of reach, that makes it available to anyone with access to LEO. I'm sure the US would be eager to apply a software patch to your satellite while it is in orbit...

Putting anything outside the borders of a country makes it MORE vulnerable, because, by definition, a lot fewer rules apply to anybody wishing to access it.

Swiss banking secrecy has been cracking at its foundation since Birkenfeld's disclosures about UBS's activities way back in 2008. The final collapse has been moving at a glacial pace but will effectively happen, due to FATCA, on the last day of 2013, when banks are required to confirm their intent to comply with FATCA or, despite no US-presence, be subject to a john-doe summons from US prosecutors (seems many banks are scrambling to get in under the compliance deadline by dumping customers.)

Except unlike America, Switzerland has real democracy: direct democracy. The people of Switzerland do not agree with their law makers, do not want FATCA, and are working to repeal it via popular referendum.

Well... I'm not sure about the other people of Switzerland, but at least I am :-)